For some years now, since back when we were little boys, the Internet has proliferated into an essential medium. Very few companies remain unconnected, and getting connected is generally a fairly easy task with the advent of DSL as a cheap high-speed communications medium. I'm surprised, however, at how many network professionals still have a problem with the concept of getting BOTH their Internet going as well as connectivity to the rest of their internal (WAN) network.

What they'll often try to do is have 2 NICs (Network Interface Cards), one attached to each network: one internal and one external. So far, so good.

What they'll then try to do, however, is set up a default gateway on BOTH of their NICs, each pointing to the router attached to that NIC. This is where the operating system generally has a heart attack, and it's what causes people the most grief.

I ask you, how is it that you can have 2 defaults for anything? The whole concept of default is that there is just one "standard". A default gateway is used by the operating system to know where to throw traffic if it's not for the local subnet.

"Hmmnn... not for this IP range I live on. I'll throw it at the default gateway and see if it can work it out".

The problem, of course, is that with 2 default gateways, which one should be used? And hence... it doesn't work.

So. Which default gateway should be entered and where?

Let's answer that with another question. Which is the bigger, "more complex" network? Whichever is the more "complex" network should be assigned as the default gateway. Let's see why.

Imagine on your corporate network you have 5 sites. You've been a good boy and used IPs from the private IP range (according to the RFCs) and have used the following addressing format.

10.0.1.x - Site 1 (main site)

10.0.2.x - Site 2 (across town)

10.0.3.x - Site 3 (Interstate warehouse)

10.0.4.x - Site 4 (Remote Sales Office)

10.0.5.x - Site 5 (Interstate Manufacturing site)

Your "server" above (let's assume Microsoft ISA Server) should have its default gateway set to the Ethernet adaptor IP address of the router used to connect to the Internet. "But how does it connect to the other sites!?" I hear you cry.

Easy. Static Routes.

Whilst we can only have 1 default gateway and hence 1 default route, we can define manual "static" (unchanging) routes to direct specific traffic to a specific location.

Say for a moment the Ethernet adaptor of the router used to connect to our WAN had the address 10.0.1.254. On our ISA Server we type in the command:

route add -p 10.0.0.0 mask 255.255.0.0 10.0.1.254

Nice command. What the hell does it mean?

If we break it down, the first bit seems pretty easy: route add means to, well, add a route. The -p means to make it permanent, meaning it will "survive" through reboots of the machine.

The 10.0.0.0 defines the way that the destination IP address should look, and the word mask followed by 255.255.0.0 means that only the first two octets are compared, so anything starting with 10.0 should be sent through this new gateway.

The last bit, 10.0.1.254, is the IP address that we want to hand this traffic over to.

So let's test our different sites to see if they fit the "rules" of the subnet mask. They all start with 10.0, so everything's cool.

If we opened a new site and gave it the address 10.10.1.x, would our static route cover it? No! Because it doesn't fit into our subnet mask component, so that traffic would be thrown at the default gateway instead.

Some would say that there should in fact be 4 rules for the 4 sites, e.g.:

route add -p 10.0.2.0 mask 255.255.255.0 10.0.1.254

route add -p 10.0.3.0 mask 255.255.255.0 10.0.1.254

route add -p 10.0.4.0 mask 255.255.255.0 10.0.1.254

route add -p 10.0.5.0 mask 255.255.255.0 10.0.1.254

Whilst each of those will technically work, it's up to you to define how you'd like your static routes to be set. My 1st example was simpler but not very specific. The 4 above are quite clear in that they define exactly which subnet goes where, and may be helpful if you actually had a couple of internal routers for different IP ranges.
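
The mask matching and the two routing styles described above, worked through as an added example (not the author's code): it picks the most specific matching route for a destination and flags private addresses that would be handed to the Internet-facing default gateway. Assumptions: 192.0.2.1 is a placeholder for the Internet router (the article gives no address for it), and the server's internal NIC sits directly on 10.0.1.0/24.

```python
import ipaddress

WAN_GW = "10.0.1.254"        # WAN router address from the article
INTERNET_GW = "192.0.2.1"    # ASSUMPTION: placeholder, not from the article
ON_LINK = "on-link"          # ASSUMPTION: internal NIC is directly on 10.0.1.0/24

def make_route(dest, mask, gateway):
    """Build a route from the same three fields that `route add` takes."""
    return (ipaddress.ip_network(f"{dest}/{mask}"), gateway)

# Entries shared by both tables: the single default route and the local subnet.
BASE = [
    (ipaddress.ip_network("0.0.0.0/0"), INTERNET_GW),
    make_route("10.0.1.0", "255.255.255.0", ON_LINK),
]

# Style 1: one broad static route covering everything that starts with 10.0
SUMMARY_TABLE = BASE + [make_route("10.0.0.0", "255.255.0.0", WAN_GW)]

# Style 2: one static route per remote site (sites 2 to 5)
PER_SITE_TABLE = BASE + [
    make_route(f"10.0.{site}.0", "255.255.255.0", WAN_GW) for site in range(2, 6)
]

def next_hop(table, destination):
    """Return the gateway of the most specific route matching destination."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, gw) for net, gw in table if addr in net]
    # The default route always matches, so `matches` is never empty.
    _, gateway = max(matches, key=lambda m: m[0].prefixlen)
    return gateway

def leaks_to_internet(table, destinations):
    """List private addresses that would be sent to the Internet router."""
    return [
        d for d in destinations
        if ipaddress.ip_address(d).is_private and next_hop(table, d) == INTERNET_GW
    ]

if __name__ == "__main__":
    # Constructed sample destinations: existing sites, a new site, a public host.
    samples = ["10.0.1.9", "10.0.3.7", "10.0.6.1", "10.10.1.5", "8.8.8.8"]
    for name, table in (("summary", SUMMARY_TABLE), ("per-site", PER_SITE_TABLE)):
        for dest in samples:
            print(f"{name:9} {dest:10} -> {next_hop(table, dest)}")
        print(f"{name:9} private traffic sent to Internet router:",
              leaks_to_internet(table, samples))
```

Running the check whenever a new internal range is added shows which routing style still covers it and which would send that internal traffic out of the Internet-facing interface.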